Be alert: more scams on the way for the holidays

The scams are coming thick and fast as the GadgetGuy inbox starts to get clogged, and that can only mean one thing: Christmas is coming.

“It’s the most wonderful time of the year,” sang Andy Williams, but we can bet that when writers Pola and Wyle first wrote it, they didn’t think the season would be used by scammers and con artists to ensnare the details of regular people just going about their lives.

But that’s exactly what is happening, as emails begin to flood our inboxes and yours too, pitching updates and changes to security policies from companies nearly every net-citizen relies on, even though the emails have nothing to do with those companies and act as traps designed to capture your details.

This weekend, we received one that grabbed our attention.

It was basic and stated “Policy Updates” in bright blue letters, with a small amount of text telling us that our account wasn’t quite right, and that we should log in to fix this.

But the text was a con, just like the rest of the email, even though it was trying hard to convince us it was from PayPal, which it worded as “PayPaI,” with a capitalised letter “i” reading as PayPal (with an “l”) just to confuse us.

Under Chrome on our Mac, that PayPaI reads with its serifs, and we’re able to see that it’s fake, but a passing glance on a phone suggests it’s from PayPal (again, with an “l”), and that could be enough to grab you and your details in the process.

Click on the link — and you shouldn’t — and you’re taken to a scam site designed to look like PayPal, complete with a PayPal image taken from the original website, but with forms that go somewhere else, and a URL up top that is definitely not part of PayPal.
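The two giveaways described above, the look-alike spelling and a link that does not lead to PayPal, can also be checked mechanically. The sketch below is an added example, not part of the original article; the brand list, the small character map and the sample link are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allow-list for this example: brand name -> its real domain.
BRANDS = {"paypal": "paypal.com"}

# Small hand-picked map of look-alike characters (an assumption for this
# example, not a complete Unicode confusables table).
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o"})


def skeleton(text):
    """Fold look-alike characters, then lowercase: 'PayPaI' -> 'paypal'."""
    return text.translate(CONFUSABLES).lower()


def host_belongs_to(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def check_email(display_text, link_url):
    """Return warnings for an email that presents itself as a known brand."""
    warnings = []
    host = urlsplit(link_url).hostname
    for brand, domain in BRANDS.items():
        for word in display_text.split():
            token = word.strip(".,:;!?\"'()")
            # Same skeleton as the brand but a different spelling: a fake.
            if skeleton(token) == brand and token.lower() != brand:
                warnings.append(f"lookalike spelling of {brand}: {token!r}")
        # Claims to be the brand, yet the link points somewhere else.
        if brand in skeleton(display_text) and not host_belongs_to(host, domain):
            warnings.append(f"link host {host!r} is not under {domain}")
    return warnings


if __name__ == "__main__":
    # Constructed sample resembling the email described in the article.
    fake_link = "http://paypal.com.account-check.example/login"
    for warning in check_email("PayPaI Policy Updates", fake_link):
        print(warning)
```

Note that the sample link starts with "paypal.com" yet still fails the check, because only the end of the host name decides who owns it.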

Unfortunately, this email is just the first of many, as the holidays tend to get scammers out and into the open, sending more emails to everyone.

“Holiday periods offer cybercriminals messaging which appears to be relevant to users,” said Andrew Mamonitis, Managing Director for Kaspersky Labs in Australia and New Zealand.

“With the ease in which spam is delivered, people are attuned to clicking on links which on face value appear customised to their online habits,” he said. “As people are often online searching for items relating to particular holiday periods, they are quick to click on links which appear relevant to what they may be searching for.”

Trend Micro’s Director in Australia Tim Falinski agrees, telling GadgetGuy that it sees “scams spike in periods like this, as cybercriminals are opportunists who are keen to take advantage of key shopping periods.”

“During the lead up to Christmas, consumers have a big appetite for finding discounts and bargains which sees to considerably higher levels of web traffic,” said Falinski. “Cybercriminals recognise this and target specific items that users might be looking for in particular when shopping online, such as gadgets, toys, video games/consoles, software, and so on.”

Or in this case, a service consumers might be relying on, such as PayPal, with the idea being that the details captured at a scam site could be used to log in to your real account, which translates to a loss of real money, and possibly more.

So many online accounts are protected by the same password, and scammers prey on this: details captured once can be tried in more than one place, and it is likely that they will work for at least one other account.

“It’s important for people to adopt the same level of caution in the online space as they do in the ‘real’ world,” said Kaspersky’s Mamonitis. “Correspondence, no matter how relevant the subject matter is to the user, should not be taken on face value.”

“Online incentives from unknown senders asking users to perform specific actions need to be examined, even if it is merely an invitation to click on a link,” he said.

It shouldn’t be hard for us to tell you not to click on the link.

We did for this story, but you shouldn’t click on a link if you can’t vouch for its authenticity.

Signs the webpage is a scam include the two borders on the email and password form (above), showing that they’re just form fields sitting on top of an image, while the URL below is the other dead giveaway since it is most certainly not PayPal.

It’s hard to expect everyone to check the links ahead of time — especially on a phone where it’s a little harder to do — but read through the email first, and if it offers a link, the surefire way of making sure it’s real is to log in at the website by typing the URL into your web browser yourself, not by clicking a link that could be fake.

“If you’re a huge online shopper and you use your mobile device to do all your buying, check if your favourite site has an app and use that instead. This allows for a more secure transaction between you, the customer, and the website,” he said.

Outside of that option, there’s also security software for your computers and phones, which will help deal with any unwanted scams or attacks. Unfortunately, we’re at the point where security software is a necessity these days, and if you’re going to own a phone or a computer — or both — you need some, and that’s all there is to it.

Education, however, is the other side of the story, and the more you know about the scams and security issues of the world, the better you’ll be equipped to deal with them in every season, not just this year’s holidays.